raneto is vulnerable to cross-site scripting. The vulnerability exists in route_page_edit
function in page.edit.route.js
due to improper html escaping on submit of page edit which allows an attacker to inject and execute malicious javascript.
http:
raneto.com/
cwe.mitre.org/data/definitions/79.html
gainsec.com/2022/08/04/cve-2022-35142-cve-2022-35143-cve-2022-35144/
github.com/advisories/GHSA-vc68-6x72-w22f
github.com/gilbitron/Raneto/commit/80c5d798a823c6396b160c890d55bbb29f39653a
github.com/gilbitron/Raneto/pull/370
github.com/gilbitron/Raneto/releases